From cc02d2bb647c0df9125dbbdfa7b4ed1572e98931 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 22 Nov 2017 09:40:15 -0800 Subject: [PATCH] Use logical interface names in the samples. Signed-off-by: Tom Eastep --- Shorewall/Samples/one-interface/interfaces | 4 ++-- Shorewall/Samples/three-interfaces/interfaces | 8 ++++---- Shorewall/Samples/three-interfaces/snat | 4 ++-- Shorewall/Samples/three-interfaces/stoppedrules | 10 +++++----- Shorewall/Samples/two-interfaces/interfaces | 6 +++--- Shorewall/Samples/two-interfaces/snat | 4 ++-- Shorewall/Samples/two-interfaces/stoppedrules | 6 +++--- docs/standalone.xml | 8 -------- docs/three-interface.xml | 13 +++++-------- docs/two-interface.xml | 10 ++++------ 10 files changed, 30 insertions(+), 43 deletions(-) diff --git a/Shorewall/Samples/one-interface/interfaces b/Shorewall/Samples/one-interface/interfaces index a192e4219..9ce7f183e 100644 --- a/Shorewall/Samples/one-interface/interfaces +++ b/Shorewall/Samples/one-interface/interfaces @@ -1,6 +1,6 @@ # # Shorewall - Sample Interfaces File for one-interface configuration. -# Copyright (C) 2006-2015 by the Shorewall Team +# Copyright (C) 2006-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -14,4 +14,4 @@ ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS -net eth0 dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0 +net NET_IF dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0,physical=eth0 diff --git a/Shorewall/Samples/three-interfaces/interfaces b/Shorewall/Samples/three-interfaces/interfaces index f9ead131d..bf9267fad 100644 --- a/Shorewall/Samples/three-interfaces/interfaces +++ b/Shorewall/Samples/three-interfaces/interfaces @@ -1,6 +1,6 @@ # # Shorewall - Sample Interfaces File for three-interface configuration. -# Copyright (C) 2006-2015 by the Shorewall Team +# Copyright (C) 2006-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -14,6 +14,6 @@ ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS -net eth0 tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0 -loc eth1 tcpflags,nosmurfs,routefilter,logmartians -dmz eth2 tcpflags,nosmurfs,routefilter,logmartians +net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0 +loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1 +dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2 diff --git a/Shorewall/Samples/three-interfaces/snat b/Shorewall/Samples/three-interfaces/snat index 689a85f8e..a1b3482b5 100644 --- a/Shorewall/Samples/three-interfaces/snat +++ b/Shorewall/Samples/three-interfaces/snat @@ -1,6 +1,6 @@ # # Shorewall - Sample SNAT/Masqueradee File for three-interface configuration. -# Copyright (C) 2006-2016 by the Shorewall Team +# Copyright (C) 2006-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -20,4 +20,4 @@ MASQUERADE 10.0.0.0/8,\ 169.254.0.0/16,\ 172.16.0.0/12,\ - 192.168.0.0/16 eth0 + 192.168.0.0/16 NET_IF diff --git a/Shorewall/Samples/three-interfaces/stoppedrules b/Shorewall/Samples/three-interfaces/stoppedrules index bf2d12742..a79b2f6ca 100644 --- a/Shorewall/Samples/three-interfaces/stoppedrules +++ b/Shorewall/Samples/three-interfaces/stoppedrules @@ -1,6 +1,6 @@ # # Shorewall - Sample Stoppedrules File for three-interface configuration. -# Copyright (C) 2012-2015 by the Shorewall Team +# Copyright (C) 2012-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -13,8 +13,8 @@ ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE # PORT(S) PORT(S) -ACCEPT eth1 - -ACCEPT - eth1 -ACCEPT eth2 - -ACCEPT - eth2 +ACCEPT LOC_IF - +ACCEPT - LOC_IF +ACCEPT DMZ_IF - +ACCEPT - DMZ_IF diff --git a/Shorewall/Samples/two-interfaces/interfaces b/Shorewall/Samples/two-interfaces/interfaces index 3a4cf3e42..7f6ba993d 100644 --- a/Shorewall/Samples/two-interfaces/interfaces +++ b/Shorewall/Samples/two-interfaces/interfaces @@ -1,6 +1,6 @@ # # Shorewall - Sample Interfaces File for two-interface configuration. -# Copyright (C) 2006-2015 by the Shorewall Team +# Copyright (C) 2006-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -14,5 +14,5 @@ ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS -net eth0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0 -loc eth1 tcpflags,nosmurfs,routefilter,logmartians +net NET_IF dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0 +loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1 diff --git a/Shorewall/Samples/two-interfaces/snat b/Shorewall/Samples/two-interfaces/snat index 3610b3c3a..2a84b772a 100644 --- a/Shorewall/Samples/two-interfaces/snat +++ b/Shorewall/Samples/two-interfaces/snat @@ -1,6 +1,6 @@ # # Shorewall - Sample SNAT/Masqueradee File for two-interface configuration. -# Copyright (C) 2006-2016 by the Shorewall Team +# Copyright (C) 2006-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -20,4 +20,4 @@ MASQUERADE 10.0.0.0/8,\ 169.254.0.0/16,\ 172.16.0.0/12,\ - 192.168.0.0/16 eth0 + 192.168.0.0/16 NET_IF diff --git a/Shorewall/Samples/two-interfaces/stoppedrules b/Shorewall/Samples/two-interfaces/stoppedrules index 63e72fbf6..bba4a1e21 100644 --- a/Shorewall/Samples/two-interfaces/stoppedrules +++ b/Shorewall/Samples/two-interfaces/stoppedrules @@ -1,6 +1,6 @@ # # Shorewall - Sample Stoppedrules File for two-interface configuration. -# Copyright (C) 2012-2015 by the Shorewall Team +# Copyright (C) 2012-2017 by the Shorewall Team # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -13,5 +13,5 @@ ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE # PORT(S) PORT(S) -ACCEPT eth1 - -ACCEPT - eth1 +ACCEPT LOC_IF - +ACCEPT - LOC_IF diff --git a/docs/standalone.xml b/docs/standalone.xml index 521925f4a..234527e2e 100644 --- a/docs/standalone.xml +++ b/docs/standalone.xml @@ -360,14 +360,6 @@ root@lists:~# are there, you may wish to review the list of options that are specified for the interface. Some hints: - - If your external interface is ppp0 or ippp0, you can replace the - detect in the second column with - (minus - the quotes). - - If your external interface is ppp0 or are there, you may wish to review the list of options that are specified for the interfaces. Some hints: - - If your external interface is ppp0 or ippp0, you can replace the - detect in the second column with - - (without the quotes). - - If your external interface is ppp0 or ippp0 or if you have a static IP address, you can remove dhcp from the option list. + + Prior to Shorewall 5.1.9, it is also required to change the snat and + stoppedrules file, to replace eth0 with the name of + your external interface and eth1 with the name of + your local interface.
diff --git a/docs/two-interface.xml b/docs/two-interface.xml index 06413f1fd..11086bf26 100644 --- a/docs/two-interface.xml +++ b/docs/two-interface.xml @@ -442,12 +442,6 @@ root@lists:~# class="directory">/etc/shorewall/interfaces file accordingly. While you are there, you may wish to review the list of options that are specified for the interfaces. Some hints: - If your external interface is ppp0 or ippp0, you can replace the - detect in the second column with a - - (minus the quotes). - If your external interface is ppp0 or ippp0 or if you have a static @@ -459,6 +453,10 @@ root@lists:~# add the routeback option to the option list. + + Prior to Shorewall 5.1.9, you will also need to modify the snat and + stopped rules file, replacing eth1 with the name of your internal + interface.